Extended Authentication (Xauth) Configuration - NETGEAR ProSafe SRXN3205 Reference Manual

Wireless-n vpn firewall

Hide thumbs Also See for ProSafe SRXN3205:

Datasheet (4 pages)

Reference manual (218 pages)

Installation manual (2 pages)

Table Of Contents

100

101

102

103

104

105

106

107

108

109

110

111

112

113

114

115

116

117

118

119

120

121

122

123

124

125

126

127

128

129

130

131

132

133

134

135

136

137

138

139

140

141

142

143

144

145

146

147

148

149

150

Table of Contents

ProSafe Wireless-N VPN Firewall SRXN3205 Reference Manual

a. Under Security Policy, Phase 1 Negotiation Mode, check the Aggressive Mode radio

button.

b. Check the Enable Perfect Forward Secrecy (PFS) radio button, and choose the Diffie-

Hellman Group 2 from the PFS Key Group pull-down menu.

c. Enable Replay Detection should be checked.

4. Click on Authentication (Phase 1) on the left-side of the menu and choose Proposal 1. Enter

the Authentication values to match those in the firewall ModeConfig Record menu.

5. Click on Key Exchange (Phase 2) on the left-side of the menu and choose Proposal 1. Enter

the values to match your configuration of the firewall ModeConfig Record menu. (The SA

Lifetime can be longer, such as 8 hours [28800 seconds]

6. Click the Save icon to save the Security Policy and close the VPN ProSafe VPN client.

To test the connection:

1. Right-click on the VPN client icon in the Windows toolbar and click Connect. The connection

policy you configured will appear; in this case "My Connections\modecfg_test".

2. Click on the connection. Within 30 seconds the message "Successfully connected to

MyConnections/modecfg_test is displayed and the VPN client icon in the toolbar will read

"On".

3. From the client PC, ping a computer on the firewall LAN.

Extended Authentication (XAUTH) Configuration

When connecting many VPN clients to a firewall, an administrator may want a unique user

authentication method beyond relying on a single common preshared key for all clients. Although

the administrator could configure a unique VPN policy for each user, it is more convenient for the

firewall to authenticate users from a stored list of user accounts. XAUTH provides the mechanism

for requesting individual authentication information from the user, and a local User Database or an

external authentication server, such as a RADIUS server, provides a method for storing the

authentication information centrally in the local network.

XAUTH can be enabled when adding or editing an IKE Policy. Two types of XAUTH are

available:

•

Edge Device. If this is selected, the firewall is used as a VPN concentrator where one or more

gateway tunnels terminate. If this option is chosen, you must specify the authentication type to

be used in verifying credentials of the remote VPN gateways: User Database, RADIUS-PAP,

or RADIUS-CHAP.

6-22

Virtual Private Networking Using IPsec

v1.0, July 2008

Table of Contents

Extended Authentication (Xauth) Configuration - NETGEAR ProSafe SRXN3205 Reference Manual

Extended Authentication (XAUTH) Configuration

Related Manuals for NETGEAR ProSafe SRXN3205

Related Content for NETGEAR ProSafe SRXN3205

Table of Contents